prosody: util/sasl_cyrus.lua @ 3468:d50e2c937717 (annotate view)
mod_saslauth, mod_auth_cyrus, util.sasl_cyrus: Moved cyrus account provisioning check out of mod_saslauth.
author | Waqas Hussain <waqas20@gmail.com> |
---|---|
date | Mon, 23 Aug 2010 16:54:56 +0500 |
parent | 3467:c9f4c3aa14a1 |
child | 3549:395d5bb5266e |
Changesets contributing lines to this revision (collapsed from the per-line annotation):

rev | changeset | description | author | parent
---|---|---|---|---
2389 | 8f6526da4757 | Adding sasl_cyrus.lua. A sasl.lua drop-in replacement to use CyrusSASL for all c2s authentication. | Tobias Markmann <tm@ayena.de> |
2394 | a2972f9fda6d | util.sasl_cyrus: Further fixing and cleanup. | Tobias Markmann <tm@ayena.de> | 2393
2396 | 39b2523bcf44 | first working version with Cyrus SASL support. | jorj@jorj.org | 2394
2402 | 0f884bb1f08a | util.sasl_cyrus: Automatically initialize Cyrus SASL with the first used service name. | Tobias Markmann <tm@ayena.de> | 2401
2403 | 916482cdfb74 | util.sasl_cyrus: Removing whitespace. | Tobias Markmann <tm@ayena.de> | 2402
2404 | d7abdd6893b8 | util.sasl_cyrus: Report an error if Cyrus SASL init fails. | Tobias Markmann <tm@ayena.de> | 2403
2895 | ea5fe15a82f5 | util.sasl_cyrus: If available, use a c14n callback for interoperability with bad clients. | Paul Aurich <paul@darkrain42.org> | 2881
2901 | 5f3ccf7dd3f1 | util.sasl_cyrus: Protect the call to cyrussasl.server_new properly. | Paul Aurich <paul@darkrain42.org> | 2895
2902 | c405486f289c | util.sasl_cyrus: Clarify some log messages and levels | Matthew Wild <mwild1@gmail.com> | 2901
3063 | ca149818083d | util.sasl_cyrus: Support for specifying the application name (to pass to Cyrus SASL's init()) | Matthew Wild <mwild1@gmail.com> | 2903
3298 | 94087ee7587b | util.sasl_cyrus: Added a table mapping error codes to strings. | Waqas Hussain <waqas20@gmail.com> | 3157
3363 | a4bb658d3fcb | SASL: Simplified sasl_handler:mechanisms() to return a set, and not an array. | Waqas Hussain <waqas20@gmail.com> | 3299
3365 | 32dc830d976c | util.sasl, util.sasl_cyrus: Updated method:mechanisms() to cache and re-use list of mechanisms. | Waqas Hussain <waqas20@gmail.com> | 3363
3373 | cd6836586a6a | util.sasl, util.sasl_cyrus: s/self.mechanisms()/self:mechanisms()/ in method:select(). | Waqas Hussain <waqas20@gmail.com> | 3366
3426 | 37b9b8e171b9 | util.sasl_cyrus: Removed method:forbidden(). | Waqas Hussain <waqas20@gmail.com> | 3373
3428 | 8a12ae696687 | util.sasl_cyrus: Cleanup. | Waqas Hussain <waqas20@gmail.com> | 3426
3443 | 1159e007cc8f | util.sasl_cyrus: Make multi-step SASL mechanisms work correctly. | Waqas Hussain <waqas20@gmail.com> | 3441
3467 | c9f4c3aa14a1 | util.sasl_cyrus: Spaces -> tabs. | Waqas Hussain <waqas20@gmail.com> | 3443
3468 | d50e2c937717 | mod_saslauth, mod_auth_cyrus, util.sasl_cyrus: Moved cyrus account provisioning check out of mod_saslauth. | Waqas Hussain <waqas20@gmail.com> | 3467

Line source:

```lua
-- sasl.lua v0.4
-- Copyright (C) 2008-2009 Tobias Markmann
--
-- All rights reserved.
--
-- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
--
--    * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
--    * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
--    * Neither the name of Tobias Markmann nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
--
-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

local cyrussasl = require "cyrussasl";
local log = require "util.logger".init("sasl_cyrus");

local setmetatable = setmetatable

local pcall = pcall
local s_match, s_gmatch = string.match, string.gmatch

local sasl_errstring = {
	-- SASL result codes --
	[1]   = "another step is needed in authentication";
	[0]   = "successful result";
	[-1]  = "generic failure";
	[-2]  = "memory shortage failure";
	[-3]  = "overflowed buffer";
	[-4]  = "mechanism not supported";
	[-5]  = "bad protocol / cancel";
	[-6]  = "can't request info until later in exchange";
	[-7]  = "invalid parameter supplied";
	[-8]  = "transient failure (e.g., weak key)";
	[-9]  = "integrity check failed";
	[-12] = "SASL library not initialized";

	-- client only codes --
	[2]   = "needs user interaction";
	[-10] = "server failed mutual authentication step";
	[-11] = "mechanism doesn't support requested feature";

	-- server only codes --
	[-13] = "authentication failure";
	[-14] = "authorization failure";
	[-15] = "mechanism too weak for this user";
	[-16] = "encryption needed to use mechanism";
	[-17] = "One time use of a plaintext password will enable requested mechanism for user";
	[-18] = "passphrase expired, has to be reset";
	[-19] = "account disabled";
	[-20] = "user not found";
	[-23] = "version mismatch with plug-in";
	[-24] = "remote authentication server unavailable";
	[-26] = "user exists, but no verifier for user";

	-- codes for password setting --
	[-21] = "passphrase locked";
	[-22] = "requested change was not needed";
	[-27] = "passphrase is too weak for security policy";
	[-28] = "user supplied passwords not permitted";
};
-- any code not listed above is reported generically rather than raising an error
setmetatable(sasl_errstring, { __index = function() return "undefined error!" end });

module "sasl_cyrus"

local method = {};
method.__index = method;
local initialized = false;

-- Cyrus SASL is initialized once, with the first service (or application) name used
local function init(service_name)
	if not initialized then
		local st, errmsg = pcall(cyrussasl.server_init, service_name);
		if st then
			initialized = true;
		else
			log("error", "Failed to initialize Cyrus SASL: %s", errmsg);
		end
	end
end

-- create a new SASL object which can be used to authenticate clients
function new(realm, service_name, app_name)

	init(app_name or service_name);

	local st, ret = pcall(cyrussasl.server_new, service_name, nil, realm, nil, nil)
	if not st then
		log("error", "Creating SASL server connection failed: %s", ret);
		return nil;
	end

	local sasl_i = { realm = realm, service_name = service_name, cyrus = ret };

	-- canonicalization callback: reduce "user@domain" sent by non-conforming clients to the bare username
	if cyrussasl.set_canon_cb then
		local c14n_cb = function (user)
			local node = s_match(user, "^([^@]+)");
			log("debug", "Canonicalizing username %s to %s", user, node)
			return node
		end
		cyrussasl.set_canon_cb(sasl_i.cyrus, c14n_cb);
	end

	-- accept any security strength factor (min 0, max 0xffffffff)
	cyrussasl.setssf(sasl_i.cyrus, 0, 0xffffffff)
	return setmetatable(sasl_i, method);
end

-- get a fresh clone with the same realm and service name
function method:clean_clone()
	return new(self.realm, self.service_name)
end

-- get a list of possible SASL mechanisms to use (a set keyed by mechanism name, cached per object)
function method:mechanisms()
	local mechanisms = self.mechs;
	if not mechanisms then
		mechanisms = {}
		local cyrus_mechs = cyrussasl.listmech(self.cyrus, nil, "", " ", "")
		for w in s_gmatch(cyrus_mechs, "[^ ]+") do
			mechanisms[w] = true;
		end
		self.mechs = mechanisms
	end
	return mechanisms;
end

-- select a mechanism to use
function method:select(mechanism)
	self.mechanism = mechanism;
	return self:mechanisms()[mechanism];
end

-- feed new messages to process into the library
function method:process(message)
	local err;
	local data;

	if not self.first_step_done then
		err, data = cyrussasl.server_start(self.cyrus, self.mechanism, message or "")
		self.first_step_done = true;
	else
		err, data = cyrussasl.server_step(self.cyrus, message or "")
	end

	self.username = cyrussasl.get_username(self.cyrus)

	if (err == 0) then -- SASL_OK
		-- Cyrus verified the credentials; the caller may additionally require that the
		-- account is provisioned for XMPP before treating the login as authorized
		if self.require_provisioning and not self.require_provisioning(self.username) then
			return "failure", "not-authorized", "User authenticated successfully, but not provisioned for XMPP";
		end
		return "success", data
	elseif (err == 1) then -- SASL_CONTINUE
		return "challenge", data
	elseif (err == -4) then -- SASL_NOMECH
		log("debug", "SASL mechanism not available from remote end")
		return "failure", "invalid-mechanism", "SASL mechanism not available"
	elseif (err == -13) then -- SASL_BADAUTH
		return "failure", "not-authorized", sasl_errstring[err];
	else
		log("debug", "Got SASL error condition %d: %s", err, sasl_errstring[err]);
		return "failure", "undefined-condition", sasl_errstring[err];
	end
end

return _M;
```
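The following is an added example, not code from prosody or from this file: it drives the handler above the way a caller such as mod_saslauth would, against a stand-in for the `cyrussasl` C binding and `util.logger`, to show the two outcomes the changeset separates (credentials verified by the backend versus account provisioned for XMPP) together with the canonicalization of `user@domain` authcids. It assumes Lua 5.1 (the module relies on `module()`), that it is run from the prosody source root so `require "util.sasl_cyrus"` finds `util/sasl_cyrus.lua`, and the stub names, account names and passwords are constructed.

```lua
-- Added example (not part of prosody or util.sasl_cyrus): drives the handler above the way
-- mod_saslauth would, against a stand-in for the cyrussasl C binding and util.logger.
-- Assumes Lua 5.1 (the module uses module()) and that it is run from the prosody source
-- root so that require "util.sasl_cyrus" finds util/sasl_cyrus.lua.

-- Credentials the external backend (saslauthd/PAM/LDAP in a real deployment) would
-- verify. Constructed sample data.
local backend_credentials = { romeo = "hunter2", juliet = "swordfish" };

-- Minimal stand-in for the cyrussasl binding: PLAIN only, same function names and
-- result codes as util.sasl_cyrus expects from the real one.
local cyrussasl_stub = {};
function cyrussasl_stub.server_init(service_name) end
function cyrussasl_stub.server_new(service_name, host, realm, iplocal, ipremote)
	return { realm = realm, username = nil, canon_cb = nil };
end
function cyrussasl_stub.set_canon_cb(conn, cb) conn.canon_cb = cb; end
function cyrussasl_stub.setssf(conn, min_ssf, max_ssf) end
function cyrussasl_stub.listmech(conn, user, prefix, sep, suffix)
	return prefix.."PLAIN"..suffix;
end
function cyrussasl_stub.get_username(conn) return conn.username; end
function cyrussasl_stub.server_start(conn, mech, message)
	if mech ~= "PLAIN" then return -4, nil; end -- SASL_NOMECH
	-- RFC 4616 PLAIN payload: authzid NUL authcid NUL passwd (%z matches NUL in Lua 5.1)
	local authzid, authcid, passwd = message:match("^([^%z]*)%z([^%z]*)%z(.*)$");
	if not authcid then return -5, nil; end -- SASL_BADPROT
	-- The canonicalization callback installed by new() runs before the lookup, so
	-- "romeo@example.com" is reduced to the bare node "romeo".
	local name = conn.canon_cb and conn.canon_cb(authcid) or authcid;
	if backend_credentials[name] ~= passwd then return -13, nil; end -- SASL_BADAUTH
	conn.username = name;
	return 0, nil; -- SASL_OK
end
function cyrussasl_stub.server_step(conn, message) return -13, nil; end -- PLAIN has one step

package.preload["cyrussasl"] = function() return cyrussasl_stub; end
package.preload["util.logger"] = function()
	return { init = function(name)
		return function(level, fmt, ...)
			print(("%s\t%s\t"..fmt):format(name, level, ...));
		end
	end };
end

local sasl_cyrus = require "util.sasl_cyrus";

-- Accounts that exist on this XMPP server. juliet has valid backend credentials but
-- no local account, which is the case the require_provisioning hook catches:
-- authentication succeeded, authorization for XMPP is still denied.
local provisioned_accounts = { romeo = true };

local function attempt(mech, authcid, passwd)
	local handler = sasl_cyrus.new("example.com", "xmpp");
	handler.require_provisioning = function(username)
		return provisioned_accounts[username] == true;
	end
	handler:select(mech); -- nil for mechanisms Cyrus did not list; process() maps that to invalid-mechanism
	return handler:process("\0"..authcid.."\0"..passwd);
end

local cases = {
	{ "PLAIN", "romeo", "hunter2" },              -- good credentials, provisioned
	{ "PLAIN", "romeo@example.com", "hunter2" },  -- same user, client sent a full JID as authcid
	{ "PLAIN", "juliet", "swordfish" },           -- good credentials, not provisioned
	{ "PLAIN", "romeo", "wrong" },                -- bad password
	{ "DIGEST-MD5", "romeo", "hunter2" },         -- mechanism not offered by Cyrus
};
for _, c in ipairs(cases) do
	local status, condition, text = attempt(c[1], c[2], c[3]);
	print(string.format("%-10s %-18s -> %s %s %s", c[1], c[2], status, condition or "", text or ""));
end
```

Only the first two cases reach "success"; juliet is refused with `not-authorized` even though the backend accepted her password, which is the distinction between authentication and XMPP authorization that the provisioning hook enforces.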